Assignment 5: JDBC

NOTE: create 3 separate java files for the 3 parts below and upload them separately (you can submit 3 files). 1. Write a Java program which connects to PostgreSQL University database. Use whatever user name you to create the relations, when connecting from JDBC. If you followed the instructions correctly, the relations should have been created in a schema with the same name as the user name, and should be accessible from JDBC. 1. The program should take the student id as a commandline argument and display the list of courses the student has enrolled for. 2. Show appropriate error messages with exception handling. This can be quite useful also for debugging your program. 2. Write a Java program which uses the Railway schema you created earlier to do the following: 1. Accept the following 3 arguments <stcode1 stcode2 distance> and either insert or update the track relation. i.e., insert if no tuple with stcode1 and stcode2 exists, else update the distance. 3. Write a Java program which does the following: 1. Takes as first line of input, a parametrized SQL query, and subsequent lines containing values for the parameters; you can assume that each ? in the SQL query viewed as a string represents a parameter value. 2. Execute the parametrized SQL query, and output its result with one line per row in the result, along with a header containing the names of columns. Use the tab character to separate columns 3. Note: You can assume that what is input is a query, not an update. Count the number of ? characters in the query string to figure out the number of parameters. Don't worry about datatypes, just use setString() to set parameter values, and getString() to get resultset attribute values.

Assignment
1) Write a simple relational algebra processor supporting select, project and natural join, using Java and JDBC, with syntax as below. You can use SQL to carry out the actual relational operations. The relational algebra expression should be taken from System.in. 1. select [pred] relname 2. project [collist] relname 3. join relname1 relname2 Here pred (predicate) and collist (column list) can be passed as is to SQL. 1) Syntax for SELECT : First token of string -> select Last token -> Relation name All the stuff between first & last -> predicate Ex: select "column1='123' and column4='raj'" relationname 2) Syntax for PROJECT : First token of string -> project Last token -> Relation name All the stuff between first & last -> columnlist Ex: project column1,column4 relationname 3) Syntax for JOIN : First token of string -> join Second token -> Relation name1 Third (& Last) token -> Relation name2 Ex: join relation1 relation2

Assignment 6: Servlets You can copy the sample servlet and edit it to get your servlets working. You may find it useful to output debug statements both to the response, and to System.out (you will see it in the tomcat log files) 1. Create a web page with separate forms, and corresponding servlets, to perform each of the following actions: 1. Accept a course code, a year and a semester using a HTML form(written inside a servlet). An example form is given here (semester should be a drop down menu), and display the following data about the course sections that ran in that semester: 1. the course name, 2. each section, with room/timeslot information, along with 1. the names of the instructors of each section (sections must be displayed even if there are no instructors), 2. the list of students taking that section along with their grades. If a grade is null show blank. 2. Create a registration interface, which takes a year, semester, student ID, course id, and section id as input, and registers the student for that section by inserting a record in the takes relation. Example form code is given here. All exceptions should be caught and reported. 2. Create a servlet to provide Login/Logout functionality WITH SQL INJECTION 1. List of SQL Injection Attacks to be done 1. Unauthorised login(Without knowing user password) 2. Drop a table from database 3. Update user password without knowing his/her original password 2. Create a users relation and add a few users with their passwords (Store the password in plain text, for this toy example).An example users relation is given here 3. Create an HTML form that accepts the username and password and submits to this servlet. 4. Verify credentials and on success, set the username in the HTTP Session (cookie) and show a "Welcome <username>" message. (use the request.getSession().setAttribute() method). 5. Provide a logout hyperlink which terminates the HTTP Session and takes the user back to the login screen (use the session.invalidate() method ).

3. Create a servlet to provide Login/Logout functionality WITHOUT SQL INJECTION 1. Use above question Solutions, such that code should be free from SQL Injection attacks. Use prepared statements 2. Create a users relation and add a few users with their passwords (Store the password in plain text, for this toy example). 3. Create an HTML form that accepts the username and password and submits to this servlet. 4. Verify credentials and on success, set the username in the HTTP Session (cookie) and show a "Welcome <username>" message. (use the request.getSession().setAttribute() method). 5. Provide a logout hyperlink which terminates the HTTP Session and takes the user back to the login screen (use the session.invalidate() method ). HttpSession API can be found here.